US8065532B2 · Expired · Utility · PatentIndex 72

Cryptographic architecture with random instruction masking to thwart differential power analysis

Assignee: SHU DAVID B
Priority: Jun 8, 2004
Filed: Jun 8, 2004
Granted: Nov 22, 2011
Est. expiry: Jun 8, 2024 (expired) · nominal 20-yr term from priority
Inventors: SHU DAVID B; CHOW LAP-WAI; CLARK JR WILLIAM M
CPC: G06F 21/755, H04L 2209/08, H04L 9/003, G06F 9/321, G06F 21/85, G06F 21/72, G06F 9/3001, G09C 1/00, H04L 9/0625, H04L 2209/12, G06F 9/3836, G06F 2221/2123, G06F 9/30101, G06F 9/30181
PatentIndex Score: 72 · Cited by: 6 · References: 48 · Claims: 34

Abstract

An apparatus and method for preventing information leakage attacks that utilize timeline alignment. The apparatus and method inserts a random number of instructions into an encryption algorithm such that the leaked information can not be aligned in time to allow an attacker to break the encryption.

Claims

exact text as granted — not AI-modified
1. A cryptographic architecture comprising: a processor; a memory module containing an encryption algorithm coupled to said processor; a control flag register coupled to said processor for controlling a state operation of the processor; and a random number generator coupled to said control flag register, wherein said processor sets said control flag register and said random number generator resets said control flag register.

2. The cryptographic architecture of claim 1 further comprising: a plurality of lookup tables coupled to said processor; and a lookup table address calculation subroutine within said encryption algorithm; wherein a set of random instructions is performed during said lookup table address calculation subroutine when said processor sets said control flag register until said random number generator resets said control flag register.

3. The cryptographic architecture of claim 2 wherein the set of random instructions contains a random number of random instructions.

4. The cryptographic architecture of claim 1 further comprising: a plurality of lookup tables coupled to said processor; a lookup table address calculation subroutine within said encryption algorithm; and wherein a set of pseudo instructions is performed during said lookup table address calculation subroutine when said processor sets said control flag register until said random number generator resets said control flag register, said set comprising a random number of pseudo instructions.

5. The cryptographic architecture of claim 1 wherein said random number generator is a one-bit random number generator.

6. The cryptographic architecture of claim 1 wherein said processor is a 16-bit, 32-bit or 64-bit processor.

7. The cryptographic architecture of claim 1 wherein said encryption algorithm is a Data Encryption Standard (DES) algorithm.

8. A system for thwarting differential power analysis, said system comprising:
means for running an encryption algorithm; and
means for inserting a random number of pseudo instructions into said encryption algorithm, the pseudo instructions emulating bit-wise shift instructions power consumption wise, said means for inserting a random number of pseudo instructions into said encryption algorithm being triggered by an instruction contained in said encryption algorithm and the number of random pseudo instructions inserted at any given time being controlled by a random number counter operating externally of said algorithm.

9. The system of claim 8 wherein said means for running an encryption algorithm comprises: a processor; and a memory module containing said encryption algorithm coupled to said processor.

10. The system of claim 9 wherein said processor is a 16-bit, 32-bit or 64-bit processor.

11. The system of claim 9 wherein said encryption algorithm is a Data Encryption Standard (DES) algorithm.

12. The system of claim 8 wherein said means for inserting comprises: a control flag register coupled to said processor; and a random number generator coupled to said control flag register.

13. The system of claim 12 wherein said random number generator is a one-bit random number generator.

14. A system for decorrelating side channel information, said system comprising: means for running a Data Encryption Standard (DES) algorithm, said DES algorithm comprising a plurality of substitution/permutation box entry address evaluations; and means for inserting a random number of shifting instructions run in at least one of said plurality of substitution/permutation box entry address evaluations.

15. The system of claim 14 wherein said means for running a DES algorithm comprises: a processor; and a memory module containing said DES algorithm coupled to said processor; and a plurality of lookup tables coupled to said processor, said plurality of substitution/permutation boxes being implemented in said plurality of lookup tables.

16. The system of claim 15 wherein said processor is a 16-bit, 32-bit or 64-bit processor.

17. The system of claim 14 wherein said means for inserting comprises: a control flag register coupled to said processor; and a random number generator coupled to said control flag register.

18. The system of claim 17 wherein said random number generator is a one-bit random number generator.

19. A system for decorrelating side channel information, said system comprising: means for running a Data Encryption Standard (DES) algorithm, said DES algorithm comprising a plurality of substitution/permutation box entry address evaluations; and means for inserting a random number of pseudo instructions in at least one of said plurality of substitution/permutation box entry address evaluations, wherein the pseudo instructions emulate bit-wise shift instructions power consumption wise.

20. The system of claim 19 wherein said means for running a DES algorithm comprises: a processor; and a memory module containing said DES algorithm coupled to said processor; and a plurality of lookup tables coupled to said processor, said plurality of substitution/permutation boxes being implemented in said plurality of lookup tables.

21. The system of claim 20 wherein said processor is a 16-bit, 32-bit or 64-bit processor.

22. The system of claim 20 wherein said random number generator is a one-bit random number generator.

23. The system of claim 20 further including a random number generator for generating said pseudo instructions.

24. The system of claim 19 wherein said means for inserting comprises: a control flag register coupled to said processor; and a random number generator coupled to said control flag register.

25. A method of altering a power trace of a cryptographic architecture comprising: running an encryption algorithm; setting a control flag by a control flag instruction in said algorithm; inhibiting assessing additional instructions of said algorithm and performing instead a random number of pseudo instructions when said control flag is set; and resetting said control flag when said random number of pseudo instructions have been performed, wherein the pseudo instructions emulate bit-wise shift instructions power consumption wise.

26. The method of claim 25 wherein the setting of said control flag further comprises halting a state machine of said processor running said encryption algorithm.

27. The method of claim 26 wherein the halting of the state machine further comprises disabling a destination register in said state machine.

28. The method of claim 25 further comprising modifying said encryption algorithm to shuffle an access order of a plurality of lookup tables.

29. The method of claim 25 wherein said encryption algorithm is a Date Encryption Standard (DES) algorithm.

30. The method of claim 25 further comprising resetting said control flag, wherein said step of resetting further comprises sending a signal from a random number generator to a control flag register.

31. A method of inhibiting a successful differential power analysis of a cryptographic device comprising:
randomly increasing an amount of time required to determine at least one lookup table address; and
randomly increasing an amount of time occurring between one access of said at least one lookup table and a subsequent access of another lookup table,
wherein the randomly increasing steps are performed by executing random numbers of pseudo shift instructions in a state machine during the time required to determine said at least one lookup table address.

32. The method of claim 31 wherein the step of randomly increasing an amount of time required to determine at least one lookup table address includes inserting a random number of extra program cycles when determining said at least one lookup table address.

33. The method of claim 31 wherein the randomly increasing steps are initiated in response to computer program instructions set forth in an encryption algorithm of said cryptographic device.

34. A method of inhibiting a successful differential power analysis of a cryptographic device comprising:
randomly increasing an amount of time required to determine at least one lookup table address; and
randomly increasing an amount of time occurring between one access of said at least one lookup table and a subsequent access of another lookup table,
wherein the pseudo instructions emulate bit-wise shift instructions power consumption wise.
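
The mechanism of claims 1, 5 and 25 as a small C model, added here for illustration and not taken from the patent: a control flag instruction sets the flag, pseudo shift instructions run until a one-bit random source resets it, and the cycle of the lookup table access is histogrammed with and without the countermeasure. Assumptions: an xorshift32 generator stands in for the hardware random number generator, the random bit is sampled once per pseudo instruction (so at least one is inserted), and `BASE_CYCLE`, `MAX_CYCLES` and the function names are invented for the model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_CYCLES 64   /* constructed: length of the modelled time window */
#define BASE_CYCLE 4    /* constructed: cycles the address calculation takes unmasked */

/* Constructed stand-in for the hardware one-bit RNG (xorshift32, one bit tapped). */
static uint32_t rng_state = 0x2545F491u;
static int rng_bit(void) {
    rng_state ^= rng_state << 13;
    rng_state ^= rng_state >> 17;
    rng_state ^= rng_state << 5;
    return (int)((rng_state >> 16) & 1u);
}

/* One lookup table address calculation; returns the cycle of the table access. */
static int lookup_cycle(int masking) {
    int cycle = BASE_CYCLE;
    int flag = masking;                /* control flag instruction sets the flag */
    while (flag && cycle < MAX_CYCLES - 1) {
        cycle++;                       /* one pseudo shift instruction, result discarded */
        if (rng_bit()) flag = 0;       /* RNG resets the flag, real instructions resume */
    }
    return cycle;
}

/* Histogram the access cycle over n runs; returns the count in the fullest cycle. */
static int peak_alignment(int masking, int n, int hist[MAX_CYCLES]) {
    int peak = 0;
    memset(hist, 0, MAX_CYCLES * sizeof hist[0]);
    for (int i = 0; i < n; i++) hist[lookup_cycle(masking)]++;
    for (int c = 0; c < MAX_CYCLES; c++) if (hist[c] > peak) peak = hist[c];
    return peak;
}

int main(void) {
    int hist[MAX_CYCLES], n = 10000;
    printf("unmasked: %d of %d accesses share one cycle\n", peak_alignment(0, n, hist), n);
    printf("masked:   %d of %d accesses share one cycle\n", peak_alignment(1, n, hist), n);
    for (int c = BASE_CYCLE; c < BASE_CYCLE + 8; c++) printf("  cycle %2d: %d\n", c, hist[c]);
    return 0;
}
```

In the unmasked run every access lands in the same cycle; in the masked run about half land in the first delayed cycle and the rest spread over later ones, so a signal averaged at any single cycle is attenuated accordingly.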

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.